In article <[EMAIL PROTECTED]> you wrote: > I'm looking for (preferably) a company, or individual, to attempt to > breach a standard config I have created to deploy client applications > in production. It is intentionally a minimal config which is tightly > locked down and audited daily.
I think it is very bad efficiency to do black-box testing. Because it requires a very good attacker and much time to find a problem. And if you dont find one, you can't be shure you are secure. It is much better to let the external auditor verify your configuration. Give them access to all config files and documentation, your risk matrix etc. This is much cheaper and much more sucessfull. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
